WordPress plugin RRAddons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-1713 · WordPress · Rraddons For Elementor

Name of the Vulnerable Software and Affected Versions: RRAddons for Elementor plugin for WordPress version 1.1.0 and earlier Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts due to insufficient restrictions o...

PT-2025-1753 · WordPress · The Unlimited Theme Addon For Elementor/Woocommerce

Name of the Vulnerable Software and Affected Versions: The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress versions up to, and including, 1.2.1 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or...

CVE-2024-54997

creationtimestamp| type| source ---|---|--- 2025-01-10 21:15:36+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfg4gbrwhm2i 2025-01-10 21:39:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lfg5qqgmvm2u 2025-01-10 23:02:06+00:00| seen|...

WordPress Post Duplicator plugin <= 2.36 - Authenticated (Contributor+) Protected Post Disclosure vulnerability

Authenticated Contributor+ Protected Post Disclosure vulnerability discovered by Webbernaut in WordPress Plugin Post Duplicator versions = 2.36...

CVE-2024-50807

creationtimestamp| type| source ---|---|--- 2025-01-10 16:04:06+00:00| seen| https://infosec.exchange/users/cve/statuses/113804905401091069 2025-01-10 16:16:03+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfflonwihj22 2025-01-10 18:00:56+00:00| seen|...

CVE-2024-13318

The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cldeletelistingfunc function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts...

CVE-2024-13303

creationtimestamp| type| source ---|---|--- 2025-01-09 21:16:25+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfdlythl7b2e 2025-01-09 21:38:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lfdnazhipy2e 2025-01-09 22:48:01+00:00| seen|...

CVE-2025-21599

creationtimestamp| type| source ---|---|--- 2025-01-09 16:48:30+00:00| seen| https://infosec.exchange/users/cve/statuses/113799417683833601 2025-01-09 17:15:37+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfd6kb3fkl25 2025-01-09 17:21:06+00:00| seen|...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from improper validation of post types, allowing an attacker to deny service to some users by creating posts with the customplnotification type...

CVE-2025-20166

creationtimestamp| type| source ---|---|--- 2025-01-08 16:15:48+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113793626771738794 2025-01-08 16:27:35+00:00| seen| https://infosec.exchange/users/cve/statuses/113793673111799579 2025-01-08 17:15:42+00:00| seen|...

CVE-2024-12855

The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sbremovead' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVE-2024-12584

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

CVE-2024-56444

creationtimestamp| type| source ---|---|--- 2025-01-08 02:59:03+00:00| seen| https://infosec.exchange/users/cve/statuses/113790493829149479 2025-01-08 03:15:53+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf775rpqnh25 2025-01-08 03:40:41+00:00| seen|...

CVE-2024-50603

creationtimestamp| type| source ---|---|--- 2025-01-08 01:09:12+00:00| seen| https://infosec.exchange/users/cve/statuses/113790061901237352 2025-01-08 01:15:28+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf6yghkmun2f 2025-01-08 01:37:28+00:00| seen|...

PT-2025-1900 · WordPress · The 140+ Widgets | Xpro Addons For Elementor

Name of the Vulnerable Software and Affected Versions: 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress versions up to, and including, 1.4.6.2 Description: The issue allows authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data...

CVE-2024-11635

creationtimestamp| type| source ---|---|--- 2025-01-07 21:01:36+00:00| seen| https://bsky.app/profile/abrahack.bsky.social/post/3lf6kaflqkk2d 2025-01-08 07:20:59+00:00| seen| https://infosec.exchange/users/cve/statuses/113791523823209673 2025-01-08 07:38:26+00:00| published-proof-of-concept|...

CVE-2024-9939

creationtimestamp| type| source ---|---|--- 2025-01-07 21:01:04+00:00| seen| https://bsky.app/profile/abrahack.bsky.social/post/3lf6k7fj6x22d 2025-01-08 08:34:48+00:00| seen| https://infosec.exchange/users/cve/statuses/113791814054818001 2025-01-08 09:12:49+00:00| published-proof-of-concept|...

WordPress SureForms plugin <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure vulnerability

Missing Authorization to Unauthenticated Protected Post Disclosure vulnerability discovered by Lucio Sá in WordPress Plugin SureForms versions = 1.2.2...

CVE-2024-53705

creationtimestamp| type| source ---|---|--- 2025-01-07 12:38:58+00:00| seen| https://vulnerability.circl.lu/bundle/602ffeaf-2425-48cc-967c-0efad9629dd0 2025-01-07 20:37:08+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113788992074892039 2025-01-08 08:57:24+00:00| seen|...